idm!rddlZddlZddlZddlmZddlmZmZmZm Z m Z m Z m Z m Z ddlmZGddeZy)N)RemoteTransport)InvalidPasswordExceptionTimeoutPasswordAuthExceptionPasswordRequestExceptionAuthPermissionDeniedExceptionConnectionExceptionConnectionTimeoutExceptionControlSocketMissingException"ControlPersistUnsupportedException)sos_get_command_outputcNeZdZdZdZdZd dZdZedZ edZ dZ y ) SSHControlPersista A transport for collect that leverages OpenSSH's ControlPersist functionality which uses control sockets to transparently keep a connection open to the remote host without needing to rebuild the SSH connection for each and every command executed on the node. This transport will by default assume the use of SSH keys, meaning keys have already been distributed to target nodes. If this is not the case, users will need to provide a password using the --password or --password-per-node option, depending on if the password to connect to all nodes is the same or not. Note that these options prevent the use of the --batch option, as they require user input. control_persistcgd}tj|tjtj}|j\}}|j d}d|vsd|vrt y)aChecks to see if the local system supported SSH ControlPersist. ControlPersist allows OpenSSH to keep a single open connection to a remote host rather than building a new session each time. This is the same feature that Ansible uses in place of paramiko, which we have a need to drop in sos-collector. This check relies on feedback from the ssh binary. The command being run should always generate stderr output, but depending on what that output reads we can determine if ControlPersist is supported or not. For our purposes, a host that does not support ControlPersist is not able to run sos-collector. Returns True if ControlPersist is supported, else raise Exception. )sshz-oControlPersist)stdoutstderrutf-8zBad configuration optionzUsage:T) subprocessPopenPIPE communicatedecoder )selfssh_cmdcmdouterrs J/usr/lib/python3/dist-packages/sos/collector/transports/control_persist.py_check_for_control_persistz,SSHControlPersist._check_for_control_persist-s]$2wz&0oo7??$Sjj! % ,C4 4c  |j|jd|jd|j |_d|_d}d}d}|jjdk7rd|jjz}|jjrd|jjz}d |d |d |j d |jjd |j d }tj|d}dddddtjg}|j|d}|dk(rd}n|dk(r]|rUddtjg} |j!||j| d} | dk(rd}n| dk(rt"| dk(rt$t&|dk(rt(|dk(r*t+|j |jj|dk(rt+|j |dk(rt,t/d|j0z|rNt2j4j7|j st8|j;d |j zyy#t$r|jdwxYw)!a0 Using ControlPersist, create the initial connection to the node. This will generate an OpenSSH ControlPersist socket within the tmp directory created or specified for sos-collector to use. At most, we will wait 30 seconds for a connection. This involves a 15 second wait for the initial connection attempt, and a subsequent 15 second wait for a response when we supply a password. Since we connect to nodes in parallel (using the --threads value), this means that the time between 'Connecting to nodes...' and 'Beginning collection of sosreports' that users see can be up to an amount of time equal to 30*(num_nodes/threads) seconds. Returns True if session is successfully opened, else raise Exception zYOpenSSH ControlPersist is not locally supported. Please update your OpenSSH installation.z,Opening SSH session to create control socketz/.sos-collector-Fz-p%s z-i%szssh  zT -oControlPersist=600 -oControlMaster=auto -oStrictHostKeyChecking=no -oControlPath=@z "echo Connected"r)encoding Connectedz password:z.*Permission denied.*z.* port .*: No route to hostz.*Could not resolve hostname.*)timeoutrTz$Permission denied, please try again.z!Unknown error, client returned %sz)Successfully created control socket at %s)r!r log_errorlog_infotmpdiraddress control_pathroptsssh_portssh_keyssh_userpexpectspawnTIMEOUTexpectsendlinerrrrrr Exceptionbeforeospathexistsr log_debug) rpassword connectedr8r7rresconnect_expectsindex pass_expects pass_indexs r _connectzSSHControlPersist._connectHsS&   + + - DE7;{{7;||E   99   #!3!33H 99  tyy000G(/'/'+'8'8'+yy'9'9'+|| 5mmC'2   $ + - OO   ?B 7 A:I aZ ;OO   X& ZZ bZA ? $I1_321_66.. aZ/ / aZ%dllDII4F4FG G aZ%dll3 3 aZ, ,?#**LM M 77>>$"3"3433 NNF!../ 0U2  NNF G  s II9ctjj|jr! tj|jy|j dy#t $r}|j d|zYd}~yd}~wwxYw)NTz!Could not disconnect properly: %sFz?Control socket not present when attempting to terminate session)rArBrCr5remover?rD)rrs r _disconnectzSSHControlPersist._disconnectsl 77>>$++ ,  $++, + , BSHI sA B&A??BcTtjj|jS)aCheck if the SSH control socket exists The control socket is automatically removed by the SSH daemon in the event that the last connection to the node was greater than the timeout set by the ControlPersist option. This can happen for us if we are collecting from a large number of nodes, and the timeout expires before we start collection. )rArBrCr5rs r rFzSSHControlPersist.connectedsww~~d//00r"c|js8d|jd|jjd|j|_|jS)Nzssh -oControlPath=r&r')rr5r6r9r4rQs r remote_execzSSHControlPersist.remote_execs9||!!499#5#5t||DL||r"c d|jd|jjd|jd|d| }t |}|ddk(S)Nz/usr/bin/scp -oControlPath=r&r':statusr)r5r6r9r4r )rfnamedestrrGs r _retrieve_filez SSHControlPersist._retrieve_filesC   tyy114<< %S)8}!!r"N)r$) __name__ __module__ __qualname____doc__namer!rLrOpropertyrFrSrYr"r rrsL  D6_B , 1 1"r"r)rAr:rsos.collector.transportsrsos.collector.exceptionsrrrrrr r r sos.utilitiesr rr`r"r rds8 4JJJ1q"q"r"